{{- define "safe_agent_updater_resources" }}
cpu: 10m
memory: 50Mi
{{- end }}
---
{{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: safe-agent-updater
  namespace: d8-{{ $.Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "safe-agent-updater" "workload-resource-policy.deckhouse.io" "every-node")) | nindent 2 }}
spec:
  targetRef:
    apiVersion: apps/v1
    kind: DaemonSet
    name: safe-agent-updater
  updatePolicy:
    updateMode: "Off"
{{- end }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: safe-agent-updater
  namespace: d8-{{ .Chart.Name }}
  {{ include "helm_lib_module_labels" (list . (dict "app" "safe-agent-updater")) | nindent 2 }}
spec:
  selector:
    matchLabels:
      app: safe-agent-updater
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      annotations:
        safe-agent-updater-daemonset-generation: {{ include "agent_daemonset_template" (list . "undefined") | sha256sum | quote }}
      labels:
        app: safe-agent-updater
    spec:
      {{- include "helm_lib_priority_class" (tuple . "system-node-critical") | nindent 6 }}
      {{- include "helm_lib_tolerations" (tuple . "any-node" "with-uninitialized" "with-cloud-provider-uninitialized" "with-storage-problems") | nindent 6 }}
      {{- include "helm_lib_module_pod_security_context_run_as_user_deckhouse" . | nindent 6 }}
      terminationGracePeriodSeconds: 1
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      imagePullSecrets:
      - name: deckhouse-registry
      serviceAccountName: safe-agent-updater
      initContainers:
      {{- include "module_init_container_check_linux_kernel" (tuple . ">= 4.9.17") | nindent 6 }}
      - name: prepull-image-cilium
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "agentDistroless") }}
        command:
        - "/usr/bin/true"
        terminationMessagePolicy: FallbackToLogsOnError
        resources:
          requests:
            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
      - name: prepull-image-kube-rbac-proxy
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "kubeRbacProxy") }}
        command:
        - "/bin/true"
        terminationMessagePolicy: FallbackToLogsOnError
        resources:
          requests:
            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
      - name: safe-agent-updater
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "safeAgentUpdater") }}
        imagePullPolicy: IfNotPresent
        command:
        - /safe-agent-updater
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        - name: KUBERNETES_SERVICE_HOST
          value: "127.0.0.1"
        - name: KUBERNETES_SERVICE_PORT
          value: "6445"
        resources:
          requests:
            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
            {{- include "safe_agent_updater_resources" . | nindent 12 }}
      containers:
      - name: pause-cilium
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "agentDistroless") }}
        command:
        - /pause
        resources:
          requests:
            cpu: "10m"
            memory: "1Mi"
            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
      - name: pause-check-linux-kernel
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "checkKernelVersion") }}
        command:
        - /pause
        resources:
          requests:
            cpu: "10m"
            memory: "1Mi"
            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}
      - name: pause-kube-rbac-proxy
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "kubeRbacProxy") }}
        command:
        - /pause
        resources:
          requests:
            cpu: "10m"
            memory: "1Mi"
            {{- include "helm_lib_module_ephemeral_storage_only_logs" . | nindent 12 }}



